hatter/card-cli
1
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

feat: u2f sign

Browse Source
This commit is contained in:
Hatter Jiang
2022-03-27 16:53:52 +08:00
parent 9be508e562
commit b30aab4e03
1 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
src/cmd_u2fsign.rs
View File

@@ -4,6 +4,7 @@ use authenticator::{AuthenticatorTransports, KeyHandle, SignFlags};
use authenticator::authenticatorservice::AuthenticatorService; use authenticator::authenticatorservice::AuthenticatorService;
use authenticator::statecallback::StateCallback; use authenticator::statecallback::StateCallback;
use clap::{App, Arg, ArgMatches, SubCommand}; use clap::{App, Arg, ArgMatches, SubCommand};
use openssl::sha::sha256;
use rust_util::util_clap::{Command, CommandError}; use rust_util::util_clap::{Command, CommandError};
use crate::digest; use crate::digest;
@@ -77,18 +78,38 @@ impl Command for CommandImpl {
let sign_result = opt_result!(sign_rx.recv(), "Problem receiving, unable to continue: {}"); let sign_result = opt_result!(sign_rx.recv(), "Problem receiving, unable to continue: {}");
let (_, handle_used, sign_data, device_info) = opt_result!(sign_result, "Sign failed: {}"); let (_, handle_used, sign_data, device_info) = opt_result!(sign_result, "Sign failed: {}");
let user_presence_flag = &sign_data[0];
let counter = &sign_data[1..=4];
let signature = &sign_data[5..];
success!("Device info: {}", &device_info); success!("Device info: {}", &device_info);
success!("Sign challenge: {}", u2fv2_challenge_str); success!("Sign challenge: {}", u2fv2_challenge_str);
success!("Sign challenge base64: {}", base64::encode(&u2fv2_challenge_str)); success!("Sign challenge base64: {}", base64::encode(&u2fv2_challenge_str));
success!("Sign result : {}", base64::encode(&sign_data)); success!("Sign result : {}", base64::encode(&sign_data));
success!("Key handle used: {}", base64::encode(&handle_used)); success!("- presence : {}", user_presence_flag);
success!("Key handle used: {}", hex::encode(&handle_used)); success!("- counter : {}", u32::from_be_bytes([counter[0], counter[1], counter[2], counter[3]]));
success!("- signature: {}", base64::encode(&signature));
// success!("Key handle used: {}", base64::encode(&handle_used));
success!("Key handle: {}", hex::encode(&handle_used));
if let Some(public_key_hex) = sub_arg_matches.value_of("public-key-hex") { if let Some(public_key_hex) = sub_arg_matches.value_of("public-key-hex") {
let public_key = opt_result!(hex::decode(public_key_hex), "Parse public key hex failed: {}"); let public_key = opt_result!(hex::decode(public_key_hex), "Parse public key hex failed: {}");
let client_data = u2fv2_challenge_str.as_bytes().to_vec();
let app_id_hash = sha256(app_id.as_bytes());
let client_data_hash = sha256(&client_data[..]);
let mut msg = Vec::with_capacity(128);
msg.extend_from_slice(&app_id_hash);
msg.push(*user_presence_flag);
msg.extend_from_slice(counter);
msg.extend_from_slice(&client_data_hash);
information!("Public key: {}", base64::encode(&public_key));
information!("Signed message: {}", base64::encode(&msg));
let authorization = u2f::authorization::parse_sign_response( let authorization = u2f::authorization::parse_sign_response(
app_id.to_string(), app_id.to_string(),
u2fv2_challenge_str.as_bytes().to_vec(), client_data,
public_key, public_key,
sign_data, sign_data,
); );